我試圖透過 keycloak 保護 kibana,但登入後,keycloak-gatekeeper 會拋出錯誤:
info issuing access token for user {"email": "[email protected]", "expires": "2019-03-23T00:18:30Z", "duration": "1m3.401805266s"}
error no session found in request, redirecting for authorization {"error": "authentication session not found"}
我的 keycloak-gatekeeper 設定檔是這樣的:
skip-openid-provider-tls-verify: true
secure-cookie: false
discovery-url: https://keycloak.example.com/auth/realms/REALM
client-id: kibana
client-secret: xxx-xxx...
listen: 0.0.0.0:3000
enable-refresh-tokens: true
redirection-url: http://kibana.example.com/
encryption-key: AgXa7xRcoClDEU0ZDSH4X0XhL5Qy2Z2j
upstream-url: http://kibana:5601
我的 apache2 虛擬主機設定檔是這樣的:
Define VHOST_KIBANA kibana.example.com
<VirtualHost ${VHOST_KIBANA}:80>
ServerName ${VHOST_KIBANA}
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
ProxyRequests On
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass / http://127.0.0.1:8180/
ProxyPassReverse / http://127.0.0.1:8180/
<Location />
Order allow,deny
Allow from all
</Location>
</VirtualHost>
什麼可能導致該錯誤?謝謝
答案1
問題出在 apache 設定上,這樣就可以正常運作了:
Define VHOST_KIBANA kibana.example.com
<VirtualHost ${VHOST_KIBANA}:80>
ServerName ${VHOST_KIBANA}
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:8180/
ProxyPassReverse / http://127.0.0.1:8180/
</VirtualHost>